Replying to Avatar ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ

the final boss is not domain names but IP address ranges.

it would be simple to create a distributed registry that associates a relay npub with an IP address, but if IANA for whatever reeson is leaned on to yank the privilege to some IP address range, what's important to understand is that this is INBOUND connection is snuffed out. OUTBOUND is still ok, so long as there are relay/middlemen to act as rendezvous points.

honestly, i doubt that they can really police IP numbers as a means to stop a network from functioning. they'd sooner do it to shut down Tor, for a start, but they won't because every government spook agency depends on having that tool as a means to cover their activity, among many other tools, it is still one they can and surely have used.

forget about DNS, all you need to do is have a distributed registry of relay/server IP addresses with the pubkey, and the issuer, from this address, signs it. replicas can then be queried for a pubkey, and then you find the addresses associated with the key, and connect this way.

tor hidden services already function by use of a PKI, just the same.

names is a separate layer, this requires something like a blockchain. probably it would be a perfectly fine use of the small space needed, like an OP_RETURN gives you 80 bytes, that's a pubkey, a name up to 48 characters long, and can be signed by the pubkey itself. then there needs to be some kind of first-come-first-served scheme of property claims of names, and those directories i spoke of with the IP/key bindings, can use a common algorithm to read off the claims on chain and only allow the first claim, and then using a key transfer protocol (i assign this name to new claimant) which would also fit in an OP_RETURN.

i don't think that it really needs to be monetised, if you design the protocol to be robust, people can build their own implementations of a marketplace in names at this point, but if the name hasn't been claimed, you only need to pay a bitcoin transaction fee.
Avatar
Garbage nsec 6mo ago 💬 1

>like an OP_RETURN gives you 80 bytes, that's a pubkey, a name up to 48 characters long, and can be signed by the pubkey itself.

That already exists in the form of spacesprotocol.org . On chain is like 80 bytes, the root of the merkle tree, then ZK proof linked off chain for the domain records and subdomains, which they have a DHT for but can be stored anywhere really.

It's pretty neat, the team behind it are legit.

Reply to this note

Please Login to reply.

Discussion

Avatar
ᴛʜᴇ ᴅᴇᴀᴛʜ ᴏꜰ ᴍʟᴇᴋᴜ 6mo ago 💬 1

there ya go! yes, of course there has to be name records for stuff like subdomains and claims and whatnot. and you need a resolver installed somewhere on the device, either in the browser/app or as a system service.

but i can see such a thing becoming eventually a big deal.

also, IPv6 addresses are so numerous that they are basically worthless. at this point the minimum you can buy is 64k worth of them. presumably at some point people will start trading them at units of 256 later on.

the thing about IP addresses is that you essentially only have to have a neighbour recognise your address and the ARP records propagate outwards from that, very quickly. it's extremely hard to control it centrally because it is an extremely decentralised protocol, practically peer to peer, and originally born in a single LAN.

anyway, i just don't think there is any reason to be concerned about DNS, and it's highly impractical to police addresses, and with an address you have inbound connectivity. there only has to be about ~20% of nodes in a p2p network (by bandwidth capacity) for a p2p network to function perfectly fine, if you have a rendezvous protocol, and virtually all p2p networks have a rendezvous protocol, because you can't count on all nodes having inbound addresses in the endless shortage of IPv4 that has been the doom of the internet for which IPv6 was the solution that has never been fully implemented but ... lol... dooom! the IPv4 is running out! be afraid, be very afraid. shit, a whole generation has passed since that dooming started, still nothing.

Avatar
Garbage nsec 6mo ago

The problem is the resolver. You have to first resolve the Bitcoin chain, and with an SPV in theory it's lighter, all the block headers you need are like under 100MB, but still quite an ask for a nostr client to integrate. Also in an iOS app you're kinda screwed because it'll stop resolving when the app isn't open then you have all this catching up to do and cant do much until it catches up, cause the on-chain commit for a name can be updated any time. Then you need to hit the off-chain DHT and follow the ZK chain back to the name on chain.

Resolver pretty much needs to be in cloud, which is its own kettle of fish.